Obama – Medill National Security Zone http://nationalsecurityzone.medill.northwestern.edu A resource for covering national security issues Tue, 15 Mar 2016 22:20:28 +0000 en-US hourly 1 Obama promotes deal as the best alternative to war http://nationalsecurityzone.medill.northwestern.edu/blog/2015/08/11/obama-promotes-deal-as-the-best-alternative-to-war/ Tue, 11 Aug 2015 14:12:25 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=22884 Continue reading ]]>

President Barack Obama defended the Iran Deal at American University in Washington, D.C. Wednesday. “Now, we have before us a solution that prevents Iran from obtaining a nuclear weapon without resorting to war,” he said.

]]>
Obama to wounded warriors: ‘We’ve got your back’ http://nationalsecurityzone.medill.northwestern.edu/blog/2015/04/22/obama-to-wounded-warriors-weve-got-your-back/ Wed, 22 Apr 2015 19:56:45 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=21504 Continue reading ]]>
  • President Barack Obama speaks with spectators after the cyclists have set off on the Soldier Ride. (Nick Kariuki/MEDILL)
    President Barack Obama speaks with spectators after the cyclists have set off on the Soldier Ride. (Nick Kariuki/MEDILL)

WASHINGTON — Under clear skies, President Obama blasted an air horn Thursday to start the Wounded Warrior Project’s Soldier Ride from the White House’s South Lawn.

Speaking before the bikes rolled out, Obama said the event was “a chance to say to all the returning heroes that you’re not alone. That we’ve got your back. We’re going to be with you every step of the way.”

The nationwide, annual ride offers wounded service members and veterans the chance to salve the physical, mental and emotional wounds they may have suffered through cycling and the common bond of military service.

Over 50 riders from all branches of the armed forces signed up for the three-day, 60 mile challenge, many riding on adaptive bicycles.

Obama was joined by Vice President Joe Biden and Veterans Affairs Secretary Bob McDonald. This year marked the sixth time that the event was welcomed to the White House.

The first Soldier Ride was in 2004 when Chris Carney, a Long Island, New York, bartender, biked across the country to raise money for the Wounded Warrior Project, an organization that supports injured troops.

The WWP claims over 68,000 alumni and more than 10,500 family members involved, as of April 1.


Published in conjunction with Military Times Logo

]]>
FAA backed away from proposing privacy regulations for drones – but that might be a good thing, experts say http://nationalsecurityzone.medill.northwestern.edu/blog/2015/03/20/faa-backed-away-from-proposing-privacy-regulations-for-drones-but-that-might-be-a-good-thing-experts-say/ Fri, 20 Mar 2015 15:03:20 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=21201 Continue reading ]]> WASHINGTON—When the Federal Aviation Administration released its proposed “framework of regulations” for governing the commercial use of small unmanned aircraft systems last month, people were surprised. After years of failing to act on a 2012 congressional order to develop regulations, the FAA’s proposal seemingly fell from the sky – unexpected, and as it turns out, an unexpected gift to the drone community.

But noticeably missing from the proposed regulations? Privacy.

And the FAA owned up to it. In a privacy impact assessment issued along with the proposed framework, the agency stated that it “acknowledges that privacy concerns have been raised about unmanned aircraft operations. … These issues are beyond the scope of this rulemaking.”

That makes sense, according to Matt Waite. Privacy is not in its wheelhouse.

“The FAA has said all along that it is not a privacy organization – It is an aviation safety organization. They don’t have the experience or the skill[set] to be in the privacy business,” Waite added.

A professor of journalism and founder of the Drone Journalism Lab at the University of Nebraska-Lincoln, Waite said that the FAA more or less intentionally walked away from building privacy regulations into its proposal. “They had been talking about it and had been claiming that that was the reason it was all being delayed [as] they were considering privacy regulations … But ultimately, nothing.”

Waite said that the implications of that choice suggest that states are going to have to make up the difference.

“The FAA has wisely backed off all privacy issues [because] there’s no need for a new federal privacy bureaucracy [when] states already have protections in place,” said Charles Tobin, a privacy rights lawyer and partner at Holland & Knight.

“The laws that are on the books are all technology agnostic. They apply to computers, they apply to still cameras, they apply to wireless microphones, they apply to video cameras … and there’s no reason that they can’t be applied – as already written – to UAVs,” Tobin added.

He said he understands why people are concerned, but suggests we look to history for any insight we might need. “Since the turn of the century, people have expressed concerns about every single new phase of technology [that has been] developed to allow people to gather information in public places and private places, and so over the decades, states have developed a strong series of statutes and precedents in the courts that deal with electronic surveillance, eavesdropping, trespassing and just about any other concern for invasion of privacy.”

To add additional statutes would be more than redundant, Tobin said. It would be confusing for everyone involved. It also leaves the possibility that one law could potentially violate the other.

While recognizing that the FAA made the appropriate call when it chose to step aside, Tobin said the baton has simply been passed on down the line. A presidential memorandum issued the same day as the FAA’s proposed regulations relays the responsibility to “develop a framework regarding privacy, accountability, and transparency for commercial and private UAS use” to the Department of Commerce. The memo states that the department must initiate a “multi-stakeholder engagement process” within 90 days of the memo’s release – so it must begin work by mid-May. According to Tobin, “the development of private industry best practices” by the Department of Commerce is a positive step – but it should avoid stepping further.

Government trying to involve itself in the regulation of a specific piece of technology is just a terrible idea, Waite said. “As we are already seeing, the government lags way behind technology when it comes to laws that would deal with that technology. It’s taken the FAA a long time to come up with rules for these drones and they’re flying around right now. They’re being used for commercial purposes even though the FAA says, ‘No, you can’t do that.’” Law will forever lag behind technology, he said.

“So if that’s the case, then legislatures and policymakers need to acknowledge and accept that and begin to craft rules that are technology agnostic,” Waite added. Because therein lies the solution to any concerns that privacy might be invaded.

Waite said that the key is deciding what we don’t want people to do – what we need to prevent from happening. “We need to start thinking about what we consider a reasonable expectation of privacy in our modern times. And if that’s not allowing [me to] photograph [someone] streaking in their backyard, then that’s great. We can say I can’t do that. But it shouldn’t matter how I do that, [just that] you don’t want me to do it.”

It’s about understanding what we’re offended by. And then realizing that if privacy was violated, then how it was done is unimportant, he added.

The drone-related privacy concerns of the average American are actually pretty obvious, Waite said. They’re afraid of a drone operator peering into their windows like a 21st Century peeping tom, or using them to stalk and harass people. And they’re also afraid that someone might gather information about them and their behaviors.

Amie Stepanovich, senior policy counsel for privacy advocacy group Access Now, said these concerns are genuine because drone technology is in a league of its own. “Drones have [the] capacity to bring a bunch of different surveillance technologies onto a singular platform and to reach into areas that other vehicles have not been able to get to. For example, up into very high buildings or into inside spaces.”

But many of the acts people are fearful of are actually crimes, Waite said. They’re already illegal. “It is illegal for you to fly up and peer in[to] someone’s window, those peeping tom laws already handle that.” He admitted that some states aren’t as advanced as others because they require that an offender physically be on the property to be prosecuted as a peeping tom. “[But] that doesn’t take a great leap of mind to fix that real quick,” he added.

Gathering information through surveillance is a different issue, however, one steeped with potential for abuse. Stepanovich said that limitations should be put in place to restrict the ways in which government agencies can use drone technology. “It’s highly advanced and gives them a great deal [of] increased capability and can be used to collect a great deal of information,” she said.

“We need things that will, for example, protect users’ location information from being collected and tracked. … It comes back to tracking people over time without a warrant and being able to pinpoint their exact location. And this is true with drones but … there are several other different kinds of technologies that are coming out. And we need to make sure that that information is adequately protected.”

The presidential memo issued in conjunction with the FAA’s proposal states that agencies must “comply with the Privacy Act of 1974, which, among other things, restricts the collection and dissemination of individuals’ information that is maintained in systems of records, including personally identifiable information.”

The White House’s assurance that government agencies will be held accountable to legacy privacy standards is a good thing, Stepanovich said, but she recommends further attribution and transparency.

“The FAA has a publicly accessible database of who is able to fly airplanes in any specific geographic area in the United States. But they haven’t made a similar commitment to do that for drone operators,” Stepanovich said. She calls that a double standard.

People won’t know which agency, company or person is behind the remote of the drone flying over their homes. They’re already fearful, so that’s not the best way to go about this, Stepanovich added.

“And so the FAA definitely has a role to play in protecting privacy,” and she recommends the agency operate a full registry. “We’re talking about transparency, requiring that drone users register what technology they are deploying on their drones, and what capacity these drones will have. This just gets at making sure people are aware of what’s going on in their own area,” she added.

“But it should be up to Congress and other agencies to ensure that users don’t violate one another’s privacy rights.” That requires a separate law, but Stepanovich said it would be a mistake to make a new law for a singular piece of technology.

Like Waite and Tobin, she advises technology agnosticism when it comes to lawmaking. Because technology changes frequently. And for that same reason, Stepanovich said the drone privacy debate is an important one: “It will definitely be worth paying attention to because it’s really deciding the future of this technology in the U.S.”

All three agree that the next 24 months will be very exciting. “We’re sort of in the early years of the Wild West stage here, where the rules and the court cases [haven’t happened] yet,” Waite said. “But things are going to happen and they’re going to be tested in court and they’re going to be squared to our constitutional values and when they are, we’ll actually have a fairly stable system.”

“But until then you’re going to have some crazy stuff going on,” Waite added. “You’re going to see people doing things that were never envisioned and you’re going to see [drones] being used in ways that we hadn’t thought of yet. And some of that’s going to be cool and neat and some of it’s going to be kind of ugly.”

One thing is guaranteed: The waiting game has just begun.

]]>
White House pushes for student data regulations http://nationalsecurityzone.medill.northwestern.edu/blog/2015/03/19/white-house-pushes-for-student-data-regulations/ Thu, 19 Mar 2015 21:32:07 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=21196 Continue reading ]]> WASHINGTON — When the educational company ConnectEDU filed for bankruptcy about a year ago, it tried to do what any business would — sell off its most valuable asset: student data.

Millions of students submitted personal information such as email addresses, birth dates and test scores to the college and career planning company.

The Federal Trade Commission eventually stopped any transactions involving the data after noting that they violated ConnectEDU’s privacy policy.

Some student educational records are protected through the Family Educational and Privacy Rights Act, or FERPA. Originally signed into law in 1974, FERPA essentially protects the records schools collect on students and gives parents certain oversight and disclosure rights.

The growing influence of technology in classrooms and in administrative data collection, though, is making FERPA out-of-date.

Teachers, students and parents now routinely submit information to educational services companies, such as ConnectEDU. FERPA does not regulate how these companies use that data. And there is no other federal law that does. The companies’ own privacy policies are the only limit to what the companies can do with the information users provide.

The concern is that ConnectEDU may not be the only education technology company that is trying to sell its data to third parties.

ConnectEDU’s databases, for example, were filled with students’ personally identifiable information including names, birthdates, email addresses and telephone numbers. The sale of that information to other companies is not regulated.

In order to make FERPA up-to-date, President Barack Obama, in conjunction with partners in the private sector, called for a legislation to establish a national standard to protect students’ data in January.

“It’s pretty straightforward,” Obama said in a speech at the Federal Trade Commission. “We’re saying the data collected on students in the classroom can be used for educational purposes — to teach our children, not to market to our children. We want to prevent companies from selling student data to third parties for purposes other than education. We want to prevent any kind of profiling about certain students.”

Dubbed the Student Digital Privacy Act, the White House’s plan is loosely based on a 2014 California law that prohibits third-party education companies from selling student information. While other states have laws regulating and increasing the transparency, regulation and collection of student data, the California law seems to be the most far-reaching.

Because FERPA doesn’t cover third-party use, some private sector leaders have taken a vow to establish clear industry standards for protecting student data through the Student Privacy Pledge.

Created by the Future of Privacy Forum and the Software and Information Industry Association in the fall of 2014, Obama mentioned the pledge as an encouraging sign for the protection of student information.

“I want to encourage every company that provides these technologies to our schools to join this effort,” Obama said. “It’s the right thing to do. And if you don’t join this effort, then we intend to make sure that those schools and those parents know you haven’t joined this effort.”

So far, 123 companies have signed the pledge, including tech and education giants such as Apple, Microsoft, Google and Houghton Mifflin Harcourt.

“There was a lack of awareness, information and understanding about what school service providers did and didn’t do with data and what the laws required and allowed,” Mark Schneiderman, senior director of education policy at SIIA, said. “Rather than waiting for public policy and public debate to play itself out, we figured, let’s just step in and make clear that the industry is supporting schools, is using data only for school purposes, not selling the data, not doing other things that there was a perception out there that maybe [companies were doing].”

The National Parent-Teacher Association and other groups support the pledge, according to Schneiderman.

“It is imperative that students’ personal informational formation is protected at all times,” the National PTA wrote in a statement.

The companies that signed the pledge are not subject to any policing body, but by signing the pledge they show consumers their commitment to student privacy, Schneiderman said.

But many notable educational technology companies, like Pearson Education, have not signed the pledge. Pearson was recently the subject of a POLITICO investigative report that revealed that the company’s use of student data was unmonitored.

According to the report, Pearson claims it does not sell the students’ data it collects.

The College Board, ACT and Common Application are often viewed as integral to the college admissions process, but are also not included in the pledge.

Instead, these education companies point consumers to their privacy policies, which can often be difficult to understand because of the legal jargon and ambiguous terms.

Some groups such as the Parent Coalition for Student Privacy think the pledge and the privacy policies aren’t enough.

“We also need strong enforcement and security mechanisms to prevent against breaches,” Leonie Haimson, one of the group’s co-chairs, said in a statement responding to Obama’s speech. “This has been a year of continuous scandalous breaches; we owe it to our children to require security provisions at least as strict as in the case of personal health information.”

Out of the 12 commitments listed in the pledge, only one deals with preventing leaks or breaches.

The signees must “maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks,” the pledge states.

Haimson said the policies are a decent start, but do not go nearly far enough in protecting educational data.

Regardless, a bill for a comprehensive national standard has yet to be introduced despite the White House’s push.

In early February, though, the White House said that it had been working closely with Republican Rep. Luke Messer of Indiana and Colorado Democrat Rep. Jared Polis to introduce a bipartisan bill to Congress.

The bill’s release is expected by the end of the month, according to Messer’s office.MINTZERPRIVACY (9) 2

]]>
Private sector remains wary of government efforts to increase cybersecurity collaboration http://nationalsecurityzone.medill.northwestern.edu/blog/2015/03/19/private-sector-remains-wary-of-government-efforts-to-increase-cybersecurity-collaboration/ Thu, 19 Mar 2015 14:49:28 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=21085 Continue reading ]]> WASHINGTON– President Barack Obama and lawmakers have announced plans to increase information sharing between the government and the private sector following data breaches at major companies. But companies are hesitant to join these initiatives because of liability and privacy concerns – and sharing information could put them at a competitive disadvantage.

Experts agree information sharing is essential in preventing and responding to cyber attacks, but the government and private sector bring different perspectives and strategies to mitigating the threats.

Companies need to take the approach that there is “strength in numbers,” said Greg Garcia, executive director of the Financial Services Sector Coordinating Council.

“To the extent that we can have what amounts to a neighborhood watch at a national scale, then were going to be better aware of the adversaries and what they’re up to and what they’re trying to do,” Garcia said.

One area where progress has been made is in the sharing of cybersecurity threat indicators, which identify the source of cyber attacks, said Mary Ellen Callahan, former chief privacy officer at the Department of Homeland Security. These indicators can include bad IP addresses, malware that’s embedded in emails or specific coding in software, she said.

DHS and the Mitre Corporation have developed programming languages to improve communication about cyber threat information between the government and the private sector. Structured Threat Information Expression and Trusted Automated Exchange of Indicator Information, known as STIX and TAXII respectively, are used in tandem to quickly share the information.

“It’s one thing to have these executive orders and things, but it’s another to have the technical enablers to make it easy for these companies to do it,” said John Wunder, lead cybersecurity engineer at Mitre. “You want to make it easy to share threat information in a way that you share exactly what you want.”

Yet, these programs haven’t fully developed and more participation is needed to make them effective, said Judith Germano, a senior fellow at New York University School of Law’s Center on Law and Security.

“I hear from companies that they are often less concerned about where the threat is coming from, but what is the threat and what can they do to stop it,” she said. “That’s the valuable information. Some of that is being shared and is very helpful, but it needs to be expanded.”

Last month, Obama announced an executive order promoting cybersecurity information sharing. The order encouraged the development of information sharing and analysis organizations to spearhead collaboration between the private sector and government. He tasked DHS with creating create a nonprofit organization to develop a set of standards for ISAOs.

Despite these efforts, robust information sharing is still lacking.

“Everyone wants information. Nobody wants to give information,” said Mark Seward, vice president of marketing at Exabeam, a big data security analytics company.

Companies fear sharing information with the government could reveal corporate secrets or consumers’ private information, said Martin Libicki, a senior management scientist at the RAND Corporation. He added sharing information with the government could also pose legal risks if the information shows companies did not follow federal regulations.

Germano, who also runs a law firm focused on cybersecurity issues, says cybersecurity collaboration comes down to a matter of trust. The private sector, she said, is weary of the government.

“On one hand [the government is] reaching out as a friend and collaborator to work with companies,” she said. “On the other hand, the same government has an enforcement arm outstretched with the FTC, the SEC that if you do not comply, there can be repercussions, possible lawsuits and other regulatory action taken against you.”

Therefore, only information that is directly related to a threat should be shared and stored, said Callahan, now a partner at Jenner & Block. Further, she said when companies share a large amount of information at once it slows down the process of assessing the threat and they often share more information than is necessary.

The U.S. also lacks “an intelligent and forceful deterrence strategy” for cyber attacks, said Matthew Eggers, senior director of the U.S. Chamber of Commerce’s national security and emergency preparedness department, at a Congressional hearing earlier this month. He also said the government needs to provide more assistance to companies who have suffered from hacks.

“U.S. policymakers need to focus on pushing back against illicit actors and not on blaming the victims of cybersecurity incidents,” Eggers said. 

To address some of these concerns, Sen. Tom Carper, D-Del., introduced in February the Cyber Threat Sharing Act of 2015, which looks to provide liability protections for companies when they share cyber information with the government.

The bill would prohibit the government from using shared cyber threat data as evidence in a regulatory action against the company that shared the information. It also strengthens privacy protections and limits how shared data could be used. The bill has been referred to the Committee on Homeland Security and Governmental Affairs.

In February, Obama also called on the Director of National Intelligence to create the Cyber Threat Intelligence Integration Center, a national intelligence center aimed at “connecting the dots” on cyber threats. The center will “collect intelligence, manage incident response efforts, direct investigations” among other responsibilities.

However, experts remain skeptical about the center.

“What concerns me about that is if you read the president’s memoranda on [the Cyber Threat Intelligence Integration Center], it says that it’s consistent with privacy and civil liberties protections as relevant to that agency,” said Callahan, the Jenner & Block lawyer. “Well, the intelligence community, as you know, has reduced private protections.”

The center’s framework will be similar to that of the National Counterterrorism Center, which is a concern for Libicki, of the RAND Corporation.

“The last cyber attack had elements of terrorism in it. Does that mean we should look at this entire problem purely through the lens of counterterrorism?” Libicki said. “Why are you duplicating a methodological framework that culminates in a set of actions, like predator drones, which are totally inappropriate for cyber?”

Kathleen Butler, a spokesperson for the Office of the Director of National Intelligence, did not have any additional comment beyond the president’s announcement of the center as she said initial planning is still underway.

While experts say it will take time for the private sector to fully engage in the information sharing initiatives, the government’s efforts have been mostly positive.

“This is about enabling people to share what they know and get access to what others know such that protection can be more pervasive,” said Bobbie Stempfley, Mitre’s director of cybersecurity implementation. “That’s really a powerful concept.”

]]>
Political analyst Al From talks Democratic Party readiness for 2016 http://nationalsecurityzone.medill.northwestern.edu/blog/2015/03/17/political-analyst-al-from-talks-democratic-party-readiness-for-2016/ Tue, 17 Mar 2015 15:45:43 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=21074 Continue reading ]]> WASHINGTON — Democratic Leadership Council founder and Medill M.S.J. alum Al From turned a critical eye onto his own party during a March 12 visit to the Medill Washington newsroom.

During the talk with Medill undergraduates, From discussed the history of the contemporary Democratic party, political strategy and his analysis of the Democratic party’s prognosis in the battle for the White House in 2016. From’s book “The New Democrats and the Return to Power” serves as a historical guide to how the modern Democratic party came together, but he dedicated much of his current analysis to the party’s future and he pulled no punches.

From started off his evaluation of the Democrats’ current obstacles by calling out Democrats for prioritizing fancy campaign delivery mechanisms over a relatable platform.

“The truth is, despite all the talk about different ways to communicate, you know, no amount of money or technology or social media or campaign strategy or tactics can make up for a message that doesn’t connect with voters,” From said.

He went on to accuse Democrats of being too comfortable with their historic “demographic advantage” in presidential elections and not taking into account factors such as the potential flippability of the Hispanic vote and the recent Republican capture of the Asian vote. From emphasized the idea that “votes are not necessarily forever” and noted that President Barack Obama’s absence from the 2016 ballot could significantly impact the minority and youth votes for the worse.

From also underscored the importance of working to improve the economy vs. solely focusing on minimum wage. He cited an old friend’s success as a case study for this point, attributing the decrease in American equality observed under Bill Clinton’s presidential administration to national economic growth.

“The problem with the Democrats is you spend so much time worrying about the, uh, about passing out the golden eggs, you forget to worry about the health of the goose,” From explained.

Additionally, From said that members of his party must keep healthcare reinvention and modernization at the forefront of their considerations, since there is a correlation between the efficiency of federal services and the public’s faith in government.

“I learned at a very young age that government reform is not an advocation of liberal goals; it’s essential to achieving them,” he said. “Government is our vehicle for doing good things.”

]]>
Private sector advises Obama’s cybersecurity proposal http://nationalsecurityzone.medill.northwestern.edu/blog/2015/03/10/private-sector-advises-obamas-cybersecurity-proposal/ Tue, 10 Mar 2015 19:00:32 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=20966 Continue reading ]]> WASHINGTON —President Barack Obama’s cybersecurity information sharing proposal – with its focus on sharing only targeted threat information between private firms and the government is a better approach than “ill-advised” widespread sharing, a former top privacy official for homeland security said Wednesday.

The Committee on Homeland Security’s Cybersecurity, Infrastructure Protection and Security Technologies subcommittee heard from industry, privacy and academic experts regarding what they think cyber threat information sharing should look like. The previous week, Department of Homeland Security representatives went before the entire committee to explain how this legislation could protect Americans from increasing cybersecurity threats.

Obama’s three-part proposal includes increased sharing among private sector companies and between them and the government. It also encourages the formation of Information Sharing and Analysis Organizations and creates certain guidelines for both the private and federal sectors regarding personal information retention and sharing.

Under the legislation, businesses would share information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, which would pass it onto relevant federal agencies and ISAOs. Participating businesses would receive targeted liability protection in return.

Mary Ellen Callahan, former Department of Homeland Security chief privacy officer, agreed with this targeted sharing approach, calling immediate widespread sharing of threats “ill-advised.” According to Callahan, private sector threats–usually IP addresses and URLs–are reported to the DHS, and then distilled to remove any personal information.

In the end, government security professionals only have information on the threat, its source and target, and how to combat it.

Subcommittee Chairman John Ratcliffe, R-Texas, referred to recent breaches at companies such as Anthem, Sony Pictures, Target and J.P. Morgan as examples of why the legislation is needed. “We need to pass legislation that facilitates the sharing of cyber threat indicators and contains robust privacy protections to improve collaboration between federal civilian agencies, like DHS, and the private sector,” he said.

Many companies choose not to share cyber threat indicators or breaches with one another or the government for fear of legal liability, or having their names in the media as companies with poor cybersecurity. Without this sharing of information, hackers can use the same tactics repeatedly with multiple companies.

Private companies want to see a bill that would allow them to voluntarily share cyber threats with other organizations, but have flexibility in what they share with the government, according to Matthew Eggers, senior director of National Security and Emergency Preparedness for the U.S. Chamber of Commerce.

“This is a bill trying to convince them to participate in a voluntary program that makes their lives more difficult. For folks like me saying ‘I’m not fond of government being in my cell or ERP (Enterprise Resource Planning–software for data management),’ that’s going to be a neat trick,” Eggers said.

The key will be convincing companies that Obama’s proposal would better protect everyone in the long run.

“We need a federated sharing community, not a competitive one,” Greg Garcia,
executive director of the Financial Services Sector Coordinating Council, said. “Withholding info to get ahead… Balkanizing or siloing information–that defeats the purpose.”

This is not the first time Obama has proposed legislation to safeguard America from cyber attacks. In 2011, he rolled out his Cybersecurity Legislative Proposal in an effort to give the private sector and government the tools they need to combat cyber threats. In 2013, he issued the Executive Order on Improving Critical Infrastructure Cybersecurity, which established cybersecurity framework standards that were developed in tandem with the private industry.

]]>
Who’s afraid of the World Wide Web? Major advertisers agree to ‘do not track’ technology http://nationalsecurityzone.medill.northwestern.edu/blog/2012/03/08/whos-afraid-of-the-world-wide-web-major-advertisers-agree-to-do-not-track-technology/ Thu, 08 Mar 2012 17:08:31 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=9858 Continue reading ]]> WASHINGTON — In an effort to ensure online privacy for consumers, major online advertisers have come together after more than a year to install “do not track” technology into Web browsers in compliance with new White House privacy guidelines.

The technology is one of several requirements included in the Obama administration’s “Privacy Bill of Rights” announced this month.

A “do not track” button allows users to opt out of having their Web history tracked by third parties, including advertising networks, analytics services and social platforms. These groups commonly use consumer data to craft customized ads and other offers related to employment, credit, health care and insurance.

However, the button will not put an end to all tracking. Advertisers will still be able to use online consumer information for market research and product development. In addition, all online data will still be available to law enforcement officials.

Loopholes will still exist for certain companies as well, according to Consumer Reports. Even if users click the “do not track” button, Google will be able track searches if conducted while users are signed into Google services, such as their Gmail account. The same is true for Facebook, which will be able to track logged-in users through the “Like” and “Share” buttons on outside pages.

“It’s a good start,” Christopher Calabrese, legislative counsel at the American Civil Liberties Union, said of Obama’s privacy initiative in an interview with the Wall Street Journal. “But we want you to be able to not be tracked at all if you so choose.”

Implementation of “do not track” is not new – several companies already offer the technology on their browsers, including Mozilla’s Firefox and Microsoft’s Internet Explorer. Apple has promised a version of the button in its next edition of Safari, according to The Washington Post. Google is expected to install the button on its Chrome browser by the end of this year.

Despite the option’s presence and calls to implement it by the Federal Trade Commission beginning in 2010, until recently all advertisers had not agreed to honor the system.

Now, 400 companies in the Digital Advertising Alliance have agreed to abide by the request from the White House, according to reports from the Wall Street Journal.

“Central to the value proposition of the Internet is trust,” said a representative for the group in a statement. “Consumers must trust that their personal data will be kept private and secure as they surf the Web aboard myriad devices seeking news, services and entertainment tailored to their very personal interests.”

“[This] marks not the end of a journey, but the beginning of an important collaboration among government, business, and consumer organizations to assure that the free Internet…can continue to flourish.”

Members of the Alliance will begin honoring the agreement within the next nine months.

The White House released its bill on Thursday, after the conclusion of a two-year study on the collection of consumer data online. The proposal outlines seven privacy guidelines pertaining to personal data: individual control, transparency, respect for context, security, access and accuracy, focused collection and accountability.

The framework would allow users more personal control over what information is collected about them and how it is used.

According to PC Magazine, even if the administration’s rules are not approved by Congress, the measures could still be put in place if a cohesive industry agreement is made.

 

]]>
Proposals to extend Patriot Act provisions advance http://nationalsecurityzone.medill.northwestern.edu/blog/2011/03/15/proposals-to-extend-patriot-act-provisions-advance/ Tue, 15 Mar 2011 19:58:03 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=5205 Continue reading ]]>
Leahy's proposal to extend the Patriot Act

A screen shot of Sen. Patrick Leahy's, D-Vt., bill to extend three controversial provisions of the Patriot Act until December 2013.

WASHINGTON — The Senate Judiciary Committee voted Thursday to extend three contentious Patriot Act provisions until the end of 2013, and place a sunset on another section covering the use of National Security Letters while adding oversight authority to monitor surveillance tools.

The bill is sponsored by committee Chairman Patrick Leahy, D-Vt., and is one of several multiple-year extension proposals of the Patriot Act provisions up for debate. At the end of 2013, the provisions would “sunset” or expire.

Approved by a 10-7 vote, the legislation would extend Patriot Act authorities to use roving wiretaps on multiple electronic devices and to obtain court-approved access to business records deemed relevant to terrorist investigations.

It also would continue the authority to conduct secret surveillance of “lone wolf” terrorism suspects who are not Americans. These are alleged terrorists who don’t operate as part of al Qaeda or other terrorist groups.

The panel’s decision to sunset National Security Letters in December 2013 as well represents an attempt to appease civil liberties groups, who are frustrated by the lack of checks and balances on the provisions.

The letters have gained notoriety because they compel businesses to turn over customer records without probably cause or judicial oversight, and are often accompanied by gag orders.

Leahy said the bill strikes a balance between national security and civil liberties interests, but sunsets aren’t enough, said Michelle Richardson, legislative counsel at the American Civil Liberties Union.

“We are not asking that they sunset, we are asking that they be amended,” Richardson said. “We’ve been asking for the same thing for 10 years—that reasonable checks and balances be put into these tools so they can no longer be used to collect information on innocent people or people who aren’t suspected of doing anything wrong.”

Richardson said the increased congressional oversight in Leahy’s extension is not a permanent solution.

“For us oversight does not take the place of substantive amendments in the law,” she said.

Whether the provisions actually would be at risk of expiring depends on whether Congress would take any further action before the deadline. That’s the catch with sunset provisions. So far the government has acted every time, keeping much of the 2001 law intact and effectively creating a sense of permanency.

Congress first reauthorized the Patriot Act with a pair of bills passed in 2005 and 2006, reasoning it was still needed to effectively fight terrorism. When the three controversial provisions came up for renewal in 2010, President Barack Obama signed a one-year extension. And before they would have expired last month, lawmakers quickly tacked on another 90-day extension.

This series of short-term extensions has kept the Patriot Act alive and most likely such extensions will continue to be approved, said Paul Rosenzweig, former deputy assistant secretary for policy in the Department of Homeland Security.

“Some in the Republican side say let’s stop doing this,” Rosenzweig said. “Let’s just get it done and make it permanent. I think that that’s a question for the debate going forward.”

Sen. Dianne Feinstein, D-Calif., chairman of the Senate Intelligence Committee, has introduced legislation that would extend the three expiring provisions through 2013 with no opportunity for amendment. Her proposal does not include the oversight included in Leahy’s bill.

The third major proposal is co-sponsored by Sen. Chuck Grassley, R-Iowa, and Senate Minority Leader Mitch McConnell, R-Ky. It would permanently extend the provisions.

Meanwhile former CIA Director Michael Hayden has come out against any efforts to restrict Patriot Act provisions.

In a Washington Post opinion piece he co-authored with former Attorney General Michael Mukasey, they said, “The wall between intelligence-gathering and criminal investigation, thought before Sept. 11 to have been required by statute or the Constitution, but realized afterward to have been unnecessary, will be rebuilt.”

Leahy’s bill now goes before the entire Senate for a vote. Whatever the outcome, Rosenzweig said the Patriot Act is not dead yet.

“Reviving it in some form will happen, it’s really just a question of exactly what deal gets cut,” he said.

]]>